Private and public cloud solutions are possible options if your business is migrating services to the cloud (hybrid cloud is yet another approach). These are key factors to consider before deciding whether private cloud or public cloud is the better fit for your company.
If you run a small business that has a tight budget, you should consider a public cloud provider, because you only pay for what you need. Plus, you probably lack the funds to invest in hardware, software, and staff necessary to set up a private cloud.
If you're at a large organization with a bigger budget, it might be cheaper to invest in a private cloud than rent a lot of public cloud resources in order to run long-term projects. You will have complete control over security, compliance, hardware, virtual servers, failover algorithms, and Service Level Agreements (SLAs).
Security and compliance
If your organization has Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), and/or Payment Card Industry Data Security Standard (PCI DSS) compliance requirements to meet, you should choose a private cloud to process or store sensitive documents. You know where in the private cloud the documents are when you want them. Also, your organization has certain security controls that a public cloud provider doesn't have.
The public cloud is more suitable for processing and storing non-sensitive data (you don't care where they are in the cloud). You will likely be satisfied with a public cloud provider's security controls.
Hardware and virtual server control
Software as a Service (SaaS) users and Platform as a Service (PaaS) developers have no control over hardware and virtual servers; the only control a SaaS user has is to access an SaaS application. PaaS developers have control over the SaaS application life cycle; they decide what stress testing methodology to use and what operating system to run on the platform. Only the provider has the control over hardware and virtual servers.
If your organization wants complete control over hardware and virtual servers, you should consider a private cloud. If your budget is limited, I recommend looking for a public cloud provider. You can rent a SaaS application or develop simple applications on the PaaS of your choice.
If you choose to set up a private cloud, you will have complete control over a failover plan to ensure the cloud service will be available to users. You specify which healthy servers can automatically take over when a server's connection fails, or when the server experiences sudden loading spikes. You can test your failover algorithms in different scenarios to make sure they will work properly when a server begins to fail.
A public cloud provider has complete control over a failover plan — the provider doesn't share its proprietary failover algorithms with you. The public cloud is the right choice if you don't care about the location of any server or which healthy servers would take over.
A private cloud helps an organization have complete control over SLA management. Your business can see how direct and indirect SLAs are related and what metrics are used in each SLA to measure service availability at given points of time.
A public cloud provider has control over SLAs with all tenants. As a public cloud subscriber, your organization should be allowed limited negotiation on the terms in a SLA, including an exit clause. The provider will not let you view SLAs it has with other tenants and vendors.
If you have sufficient funds, have compliance requirements to meet, and want complete control over security, hardware, failover, and SLA management, a private cloud is your best bet. Otherwise, I advise you to opt for a public cloud provider.
What criteria would you add to this list? Let us know in the discussion.
Judith M. Myerson is a Systems Engineering Consultant and Security Professional. She is the editor of Enterprise System Integration and the author of RFID in the Supply Chain. She has researched and published articles on a wide range of cloud computing topics, RFID, security, networking, and mobile. She was awarded a Master of Science degree in Engineering (Computer and Information Sciences). President of a toastmasters group, Judith was awarded her Advanced Communications Gold certificate. She is a member of The Operational Security Professional Association.